CVE-2018-13402

Summary

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.6.9affected
AtlassianJira7.7.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.7.5affected
AtlassianJira7.8.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.8.5affected
AtlassianJira7.9.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.9.3affected
AtlassianJira7.10.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.10.3affected
AtlassianJira7.11.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.11.3affected
AtlassianJira7.12.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.12.3affected
AtlassianJira7.13.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.13.1affected

Weaknesses

  • URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References